Re: We need an architecture, not finger pointing.

On Oct 28, 2015, at 3:27 PM, Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote:
Well it is being done, and Postfix users are strongly encouraged
to do so whenever backscatter is discussed on the users list.

Sorry, I left out one critical point. Consider what happens when I want to send mail to ietf@xxxxxxxx. I write a message in my MUA. It connects to my maildrop at nominum.com. Nominum.com accepts and queues the mail. Then it establishes a connection to ietf.org. IETF.org may well send a 5xx status code at the end of the DATA transaction, but it’s too late: my MUA has already disconnected, and there’s no way to send a synchronous status update.

In order for this to work, when I connect to my maildrop, my maildrop has to immediately connect to ietf.org when it sees RCPT TO: ietf@xxxxxxxx. It has to then tunnel the message through, applying any local policy in the process and aborting the connection to ietf.org if the local policy detects a violation while _it_ is scanning the message body that’s being dumped on the maildrop. If local policy allows the process to get to the end of the DATA transaction, and the response from ietf.org is a 5xx response, then the maildrop server at nominum.com has to still have the connection open, and has to respond with the same 5xx response.

If Postfix is able to do this, that is news to me, but I will admit that I gave up on being a Postfix expert a long time ago—like most MTAs, it addresses too many use cases, and so it’s difficult to configure. Sendmail, even farther in the past for me, is even worse. If there is some new MTA out there that does a better job of addressing modern use cases, I am interested to hear about it. I get the impression that most of the interesting MTA research nowadays is being done by the big mail processors, and isn’t trickling down, but I may just not have looked in the right place.

Of course, what I am describing is made more painful by various anti-spam tactics like greylisting.
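
The two delivery paths described in this message, modelled without any network I/O as an added example that is not part of the original post. The class and function names, the reply texts, the 554 local-policy reply and the marker string are all assumptions constructed for illustration.

```python
# Constructed model with no network I/O: compares what the submitting client
# sees under store-and-forward versus the synchronous pass-through described above.
from dataclasses import dataclass, field

@dataclass
class Upstream:
    """Stand-in for the destination MX (hypothetical); it answers at end of DATA."""
    rcpt_reply: str = "250 2.1.5 ok"               # constructed reply text
    final_reply: str = "550 5.7.1 message refused"  # constructed reply text
    aborted: bool = False
    received: list = field(default_factory=list)

    def rcpt(self, addr):
        return self.rcpt_reply

    def data_chunk(self, chunk):
        self.received.append(chunk)

    def end_of_data(self):
        return self.final_reply

    def abort(self):
        self.aborted = True

def local_policy_ok(chunk):
    # Assumed local policy: refuse a constructed marker string in the body.
    return b"X-Constructed-Bad-Marker" not in chunk

def store_and_forward(upstream, rcpt, chunks):
    """Maildrop accepts and queues; the client has left before upstream answers."""
    client_reply = "250 2.0.0 queued"
    upstream.rcpt(rcpt)
    for c in chunks:
        upstream.data_chunk(c)
    late = upstream.end_of_data()
    return client_reply, late.startswith("5")  # True: only a bounce can report it

def pass_through(upstream, rcpt, chunks):
    """Maildrop connects upstream on RCPT TO and relays the final reply."""
    reply = upstream.rcpt(rcpt)
    if reply.startswith("5"):
        return reply, False
    for c in chunks:
        if not local_policy_ok(c):
            upstream.abort()                   # local violation: drop upstream leg
            return "554 5.7.1 rejected by local policy", False
        upstream.data_chunk(c)
    return upstream.end_of_data(), False       # same reply, client still connected
```

Each function returns the reply the submitting client receives and whether the failure can only be reported asynchronously afterwards.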